Final agreement on data protection regulation
With the European Parliament’s agreement on a final text for the General Data Protection Regulation on 17 December, the new European data protection regulation is now likely to enter into force in spring 2018.
In this latest version of the regulation, large organisations will have to pay specific attention to the following provisions:
- The mandatory appointment of a data protection officer but only for organisations whose core activities consist of processing a large amount of personal data (‘regular and systematic monitoring of data subjects on a large scale’);
- Fines for breaching the regulation of up to 4% of global turnover;
- The notification of a personal data breach to the supervisory authority no later than 72 hours after having become aware of it;
- No effective system of ‘one decision, one outcome’ for cross-borders cases. EU citizens could still complain to their local data protection authority even if the case is already pending in another EU jurisdiction.
The final version of the regulation still gives each national data protection authority a margin of discretion on a case-by-case basis to matters like sanctions, definition of high risk processing, claims handling and so on. This is preventing the regulation from achieving the initial ‘one stop shop’ wanted in the original proposal from the European Commission in 2012.
This compromise with the Council (co-legislator) and the European Commission is the result of many months of negotiations among the three EU institutions. The text has been adopted by the Civil Liberties Committee, which is leading the dossier at the European Parliament, and will now be formally endorsed during a plenary session of the Parliament.
Two years after its publication in the official journal of the EU, the new regulation will be fully applicable in 2018 in the European Union.
FERMA has launched the 2016 European Risk and Insurance Survey
This past April 8th, the Federation of European Risk Management Associations (FERMA) launched its eighth two-yearly edition of the European Risk and Insurance Survey in seven languages and relying on the collaboration of 21 association members.
The project is led by the Vice Chair and member of the Board of Directors of FERMA, Cristina Martínez, who is also Corporate Director of Risk Control and Management at Sacyr and member of the Board of Directors of the Spanish Association of Risk and Insurance Management (IGREA). Martínez stresses that the survey results will reveal how the profession has developed and evolved between 2002 and the present time.
The questions in the questionnaire are grouped into three sections: 1) the role of risk managers and the profession of risk managers: 2) a view of risk management in Europe and 3) risk financing, including insurers and captive companies.
The survey results will be presented during the Risk Management Seminar, scheduled for early October in Malta (see Agenda of this issue). The data will provide very useful information to risk managers and contribute to the visibility of their profession. The European Risk and Insurance Report is also a source of strategic information for bringing risk management into the debates at the heart of the European Union.